diff --git a/pippo-controller-parent/pippo-controller/src/test/java/ro/pippo/DynamicJar.java b/pippo-controller-parent/pippo-controller/src/test/java/ro/pippo/DynamicJar.java
index 93415b6d..c8b4577f 100644
--- a/pippo-controller-parent/pippo-controller/src/test/java/ro/pippo/DynamicJar.java
+++ b/pippo-controller-parent/pippo-controller/src/test/java/ro/pippo/DynamicJar.java
@@ -233,7 +233,11 @@ private void extract(Path jarPath, Path destDir) throws IOException {
 Enumeration enumEntries = jar.entries();
 while (enumEntries.hasMoreElements()) {
 JarEntry entry = enumEntries.nextElement();
- File f = destDir.resolve(entry.getName()).toFile();
+ final Path zipEntryPath = destDir.resolve(entry.getName());
+ if (!zipEntryPath.normalize().startsWith(destDir.normalize())) {
+ throw new IOException("Bad zip entry");
+ }
+ File f = zipEntryPath.toFile();
 f.getParentFile().mkdirs();
 InputStream is = jar.getInputStream(entry);
 FileOutputStream fos = new FileOutputStream(f);
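Review bot: The new traversal guard compares `zipEntryPath.normalize()` with `destDir.normalize()` on every iteration, which is purely lexical and depends on the form of `destDir`; a relative `destDir` such as `.` normalizes to an empty path and may reject every entry. Consider computing `final Path root = destDir.toAbsolutePath().normalize();` once before the `while` and checking `root.resolve(entry.getName()).normalize().startsWith(root)`. `normalize()` does not resolve symbolic links, so a link that already exists under `destDir` would still be followed; comparing the parent's `toRealPath()` would cover that if it matters for this helper. The message `"Bad zip entry"` would be easier to triage with the entry name included, e.g. `throw new IOException("Zip entry escapes target directory: " + entry.getName());`. The body of `extract` starts and ends outside the hunk, so how `is` and `fos` are closed is not visible here.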